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DETAILED ACTION 

1 . Claims 1-21 are pending in this application. 

2. Claims 1-2, 4-6, 8-10, 12, 15-17 and 19 are presently amended. 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office Action. 

Continued Examination Under 37 CFR 1.114 

4. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 29 
February 2008 has been entered. 

Claim Rejections - 35 USC § 103 

5. Claims 1- 21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Shefi (Patent No.: US 6,445794 B1) in view of Hattick et al. (Pub. No.: US 
2003/01 12972 Al ) (hereinafter "Hattick") and Douceur et al. (Patent Number: 
6,021 ,203), hereinafter "Douceur". 

6. As to claim 1 , Shefi disclose a system for authenticating a client device 
requesting a session of service from a service provider, comprising: 
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at least two matching one-time pad cryptological tables (column 4, lines 5-15, 
"...an identical electronic one-time pad at a first location and at a second location"), a 
first of which is stored in a client device ("a first electronic device" - e.g. column 4, lines 
5-20), and a second of which is accessible by a service security server ("a second 
electronic device" - e.g. column 4, lines 5-15), each table having multiple entries 
(column 11, lines 13-30, "...a true number is selected from at least one table containing 
true random number is selected from at least one table containing true random 
numbers..."), each entry including a field for a indicator of previous use (column 1 1 , 
lines 10-30, "..table containing true random numbers according to a pointer"), said 
previous use indicator for each entry being initialized in an "unused" state (Shefi 
teaching this concept by selecting true random number that is identical at all locations - 
e.g. column 11, lines 10-30), each row containing at least one pad value ("random 
number" -e.g. column 11, lines 10-.30); 

Shefi doesn't explicitly disclose a code exchanger configured to receive a One 
Time Pad value from said client device by said service security server upon request for 
initiation of a service session; a code comparator configured to determine if said 
received One Time Pad value is marked as "used" or "unused" in said second table; a 
service session grantor configured to grant said service request responsive to 
determination that said received One Time Pad value is unused, including changing 
said used indicator to a "used" state upon said grant of service; and a client device 
reconfigurator configured to challenge said user of said client device responsive to 
determining that said received pad value is marked as "used", and to replace said first 
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and second tables with new, synclironized tables responsive to successful response by 
said user to said challenge, completing authentication of said client device without the 
need for a service history counter. 

However, Hattick discloses a code exchanger configured to receive a value from 
said client device by said service security server upon request for initiation of a service 
session ([0017], [0023]); a code comparator configured to determine if said received 
value is marked as "used" or "unused" in said second table ([0019], lines 9-17); a 
service session grantor configured to grant said service request responsive to 
determination that said received value is unused ([0023]-[0024]), including changing 
said used indicator to a "used" state upon said grant of service ([0019], lines 9-17); and 
a client device reconfigurator configured to challenge said user of said client device 
responsive to determining that said received value is marked as "used" ([0017], [0019], 
[0023]), and to replace said first and second tables with new, synchronized tables 
responsive to successful response by said user to said challenge, completing 
authentication of said client device without the need for a service history counter 
([0017], [0019], [0023]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi as taught by Hattick in 
order to provide low cost provable secure authentication of remote devices. 

Although Hattick exchanges random value ([0017], [0019], [0023]), neither Shefi 
nor Hattick explicitly disclose exchanging One Time Pad value. However, Douceur 
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discloses exclianging One Time Pad value (FIG. 4, FIG. 6, col. 3, lines 15-37 and col.4, 

lines 14-34). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi and Hattick by replacing 
random value with One Time Pad as taught by Douceur in order to increase the integrity 
of authentication. 

7. As to claims 8 and 1 5, these are rejected using the same rationale as for the 
rejection of claim 1 . 

8. As to claim 2, Shefi discloses wherein: said one-time pad cryptological tables 
further comprise a sequence index (column 11, lines 10-30, "..table containing true 
random numbers according to a pointer"). Shefi doesn't explicitly disclose said code 
comparator is further configured to determine if said received One Time Pad value is a 
next unused pad according to said sequence indicators; said session grantor is 
configured to grant a session only if said received pad is a next expected One Time Pad 
value; and said client device reconfigurator is adapted to respond to said received pad 
value not being a next expected One Time Pad value. 

However, Hattick discloses said code comparator is further configured to 
determine if said received value is a next unused pad according to said sequence 
indicators; said session grantor is configured to grant a session only if said received 
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value is a next expected value; and said client device reconfigurator is adapted to 
respond to said received value not being a next expected pad value ([0019], [0023]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi as taught by Hattick in 
order to provide low cost provable secure authentication of remote devices. 

Although Hattick exchanges random value ([0017], [0019], [0023]), neither Shefi 
nor Hattick explicitly disclose exchanging One Time Pad value. However, Douceur 
discloses exchanging One Time Pad value (FIG. 4, FIG. 6, col. 3, lines 15-37 and col.4, 
lines 14-34). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi and Hattick by replacing 
random value with One Time Pad as taught by Douceur in order to increase the integrity 
of authentication. 

9. As to claims 9 and 16, these are rejected using the same rationale as for the 
rejection of claim 2. 

1 0. As to claim 3, Shefi discloses wherein said code exchanger comprises at least 

one communications network selected from the group of a telephone network, a 
wireless data network, a Local Area Network, a Wide Area Network, and an Internet 
(column 19, lines 28-36). 
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11. As to claims 10 and 17, these are rejected using tine same rationale as for the 
rejection of claim 3. 



1 2. As to claim 4, Shefi doesn't explicitly disclose wherein client device 
reconfigurator is configured to challenge said user with one or more methods selected 
from the group of requiring a user name input, requiring a password input, requiring an 
account number input, requiring an answer to a secret question, and requiring a user- 
designated response. 

However, Hattick discloses wherein client device reconfigurator is adapted to 
challenge said user with one or more methods selected from the group of requiring a 
user name input, requiring a password input, requiring an account number input, 
requiring an answer to a secret question, and requiring a user-designated response 
([0021]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi as taught by Hattick in 
order to provide integrity protection of signaling messages and on user traffic 
confidentiality over the wireless network. 



1 3. As to claims 1 1 and 18, these are rejected using the same rationale as for the 

rejection of claim 4. 
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14. As to claim 5, Sliefi discloses one-time pad cryptological table (column 4, lines 5- 
15). However Shefi doesn't explicitly disclose further comprise an expiration field for 
each entry; said code comparator is further configured to determine if said received pad 
is expired; said session grantor is configured to grant a session only if said received pad 
is unexpired; and said client device reconfigurator is configured to respond to said 
received pad being expired. 

However, Hattick discloses further comprise an expiration field for each entry 
([0019], [0021]); said code comparator is further configured to determine if said received 
pad is expired ([0019], [0021]); said session grantor is configured to grant a session 
only if said received pad is unexpired ([0019], [0021]); and said client device 
reconfigurator is configured to respond to said received pad being expired ([0019], 
[0021]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi as taught by Hattick in 
order to provide integrity protection of signaling messages and on user traffic 
confidentiality over the wireless network. 

15. As to claims 12 and 19, these are rejected using the same rationale as for the 
rejection of claim 5. 

16. As to claim 6, neither Shefi nor Hattick explicitly discloses wherein said client 
device reconfigurator is configured to replace said tables using a secure replacement 
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method. However, Douceur discloses replacing tables using a secure replacement 
method (abstract, "secure channel"). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi and Hattick as taught by 
Douceur in order to increase the confidentiality and integrity of the data. Furthermore, 
one would be motivated to do so to transmit data over the public network. 

1 7. As to claims 1 3 and 20, these are rejected using the same rationale as for the 
rejection of claim 6. 

18. As to claim 7, Shefi doesn't explicitly disclose wherein said service session 
grantor is further configured to require a second step of acknowledgment between said 
service security server and said client device before said entry is marked as "used". 
However, Hattick discloses wherein said service session grantor is further configured to 
require a second step of acknowledgment between said service security server and said 
client device before said entry is marked as "used" ([0019], [0021], [0023]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify the teaching of Shefi as taught by Hattick in 
order to provide integrity protection of signaling messages and on user traffic 
confidentiality over the wireless network. 
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1 9. As to claims 14 and 21 , these are rejected using tine same rationale as for the 
rejection of claim 7. 

20. Examiner's note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may be applied as well. It is respectfully requested from the applicant, in preparing the 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention as well as the context of the passage as taught by the prior art 
or disclosed by the examiner. 

Response to Amendment 

21 . Applicant has amended claims 1 -2, 4-6, 8-1 0, 1 2, 1 5-1 7 and 1 9, which 
necessitated new ground of rejection. See rejection above. 

Conclusion 

22. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SUMAN DEBNATH whose telephone number is 
(571 )270-1256. The examiner can normally be reached on 8 am to 5 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on 571 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/S. D./ 

Examiner, Art Unit 2135 
/KIMYEN VU/ 

Supervisory Patent Examiner, Art Unit 2135 



